path: root/usr.bin/ssh/serverloop.c
Commit message [author, date, files, lines]
* Keep track of number of bytes read and written. Needed for upcoming changes. Most code from Martin Forssen, maf at appgate dot com. ok markus@ [andreas, 2009-05-28, 1 file, -2/+6]
* Put the globals in packet.c into a struct and don't access it directly from other files. No functional changes. ok markus@ djm@ [andreas, 2009-05-25, 1 file, -3/+3]
* tighten check for -R0:... forwarding: only allow dynamic allocation if want_reply is set in the packet [djm, 2009-02-12, 1 file, -1/+2]
* support remote port forwarding with a zero listen port (-R0:...) to dynamically allocate a listen port at runtime (this is actually specified in rfc4254); bz#1003 ok markus@ [djm, 2009-02-12, 1 file, -4/+8]
* make a2port() return -1 when it encounters an invalid port number rather than 0, which it will now treat as valid (needed for future work)
  adjust current consumers of a2port() to check its return value is <= 0, which in turn required some things to be converted from u_short => int
  make use of int vs. u_short consistent in some other places too
  feedback & ok markus@ [djm, 2009-01-22, 1 file, -2/+2]
* backout 1.149, since it's not necessary and openssh clients send broken CHANNEL_FAILURE/SUCCESS messages since about 2004; ok djm@ [markus, 2008-12-02, 1 file, -3/+3]
* only pass channel requests on session channels through to the session channel handler, avoiding spurious log messages; ok! markus@ [djm, 2008-06-30, 1 file, -2/+3]
* Add a no-more-sessions@openssh.com global request extension that the client sends when it knows that it will never request another session (i.e. when session multiplexing is disabled). This allows a server to disallow further session requests and terminate the session.
  Why would a non-multiplexing client ever issue additional session requests? It could have been attacked with something like SSH'jack: http://www.storm.net.nz/projects/7
  feedback & ok markus [djm, 2008-06-10, 1 file, -1/+11]
* unbreak
    ssh -2 localhost od /bin/ls | true
  ignoring SIGPIPE by adding a new channel message (EOW) that signals the peer that we're not interested in any data it might send.
  fixes bz #85; discussion, debugging and ok djm@ [markus, 2008-05-09, 1 file, -2/+5]
* Try additional addresses when connecting to a port forward destination whose DNS name resolves to more than one address. The previous behaviour was to try the first address and give up. Reported by stig AT venaas.com in bz#343
  great feedback and ok markus@ [djm, 2008-05-09, 1 file, -11/+8]
* Implement a channel success/failure status confirmation callback mechanism. Each channel maintains a queue of callbacks, which will be drained in order (RFC4253 guarantees confirm messages are not reordered within a channel). Also includes an abandonment callback to clean up if a channel is closed without sending confirmation messages. This probably shouldn't happen in compliant implementations, but it could be abused to leak memory.
  ok markus@ (as part of a larger diff) [djm, 2008-05-08, 1 file, -2/+4]
* Allow all SSH2 packet types, including UNIMPLEMENTED to reset the keepalive timer (bz #1307). ok markus@ [dtucker, 2008-02-22, 1 file, -4/+3]
* Revert the change for bz #1307 as it causes connection aborts if an IGNORE packet arrives while we're waiting in packet_read_expect (and possibly elsewhere). [dtucker, 2008-01-23, 1 file, -3/+1]
* Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the ServerAlive and ClientAlive timers. Prevents dropping a connection when these are enabled but the peer does not support our keepalives. bz #1307, ok djm@. [dtucker, 2007-12-28, 1 file, -1/+3]
* exit instead of doing a blocking tcp send if we detect a client/server timeout, since the tcp sendqueue might be already full (of alive requests); ok dtucker, report mpf [markus, 2006-10-11, 1 file, -3/+5]
* almost entirely get rid of the culture of ".h files that include .h files"
  ok djm, sort of ok stevesk
  makes the pain stop in one easy step [deraadt, 2006-08-03, 1 file, -4/+6]
* move #include <sys/param.h> out of includes.h [stevesk, 2006-07-26, 1 file, -1/+2]
* move #include <sys/time.h> out of includes.h [stevesk, 2006-07-25, 1 file, -1/+2]
* move #include <string.h> out of includes.h [stevesk, 2006-07-22, 1 file, -1/+2]
* missed some needed #include <unistd.h> when KERBEROS5=no; issue from massimo@cedoc.mo.it [stevesk, 2006-07-20, 1 file, -1/+2]
* move #include <errno.h> out of includes.h; ok markus@ [stevesk, 2006-07-11, 1 file, -1/+2]
* move #include <fcntl.h> out of includes.h [stevesk, 2006-07-09, 1 file, -1/+2]
* move #include <pwd.h> out of includes.h; ok markus@ [stevesk, 2006-07-06, 1 file, -1/+2]
* move #include <netinet/in.h> out of includes.h; ok deraadt@ [stevesk, 2006-07-05, 1 file, -1/+4]
* spacing [deraadt, 2006-03-25, 1 file, -3/+3]
* Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files [djm, 2006-03-25, 1 file, -0/+1]
* spacing [deraadt, 2006-03-20, 1 file, -0/+1]
* sprinkle u_int throughout pty subsystem, ok markus [deraadt, 2006-03-20, 1 file, -4/+4]
* ARGSUSED for signal handlers [deraadt, 2006-03-19, 1 file, -1/+3]
* RCSID() can die [deraadt, 2006-03-19, 1 file, -1/+0]
* memory leaks detected by Coverity via elad AT netbsd.org; ok deraadt@ dtucker@ [djm, 2006-03-19, 1 file, -1/+2]
* move a debug() outside of a signal handler; ok markus@ a little while back [djm, 2006-03-04, 1 file, -2/+2]
* move #include <signal.h> out of includes.h; ok markus@ [stevesk, 2006-02-20, 1 file, -1/+2]
* move #include <sys/wait.h> out of includes.h; ok markus@ [stevesk, 2006-02-10, 1 file, -1/+4]
* move #include <termios.h> out of includes.h; ok markus@ [stevesk, 2006-02-07, 1 file, -1/+3]
* if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY [reyk, 2005-12-13, 1 file, -2/+2]
* two changes to the new ssh tunnel support. this breaks compatibility with the initial commit but is required for a portable approach.
  - make the tunnel id u_int and platform friendly, use predefined types.
  - support configuration of layer 2 (ethernet) or layer 3 (point-to-point, default) modes. configuration is done using the Tunnel (yes|point-to-point|ethernet|no) option in ssh_config(5) and restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option in sshd_config(5).
  ok djm@, man page bits by jmc@ [reyk, 2005-12-08, 1 file, -7/+18]
* Add support for tun(4) forwarding over OpenSSH, based on an idea and initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client.
  ok djm@, markus@, jmc@ (manpages), tested and discussed with others [reyk, 2005-12-06, 1 file, -1/+33]
* make sure we clean up wtmp, etc. file when we receive a SIGTERM, SIGINT or SIGQUIT when running without privilege separation (the normal privsep case is already OK). Patch mainly by dtucker@ and senthilkumar_sen AT hotpop.com; ok dtucker@ [djm, 2005-10-31, 1 file, -1/+35]
* no need to escape single quotes in comments, no binary change [djm, 2005-10-30, 1 file, -2/+2]
* fix regression I introduced in 4.2: X11 forwardings initiated after a session has exited (e.g. "(sleep 5; xterm) &") would not start. bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@ [djm, 2005-10-10, 1 file, -2/+2]
* knf says that a 2nd level indent is four (not three or five) spaces [djm, 2005-07-17, 1 file, -2/+2]
* some signed/unsigned int comparison cleanups; markus@ ok [avsm, 2004-08-11, 1 file, -3/+4]
* bz #756: add support for the cancel-tcpip-forward request for the server and the client (through the ~C commandline). reported by z3p AT twistedmatrix.com; ok markus@ [djm, 2004-05-21, 1 file, -1/+12]
* fix mem leaks; some fixes from Pete Flugstad; tested dtucker@ [markus, 2004-01-19, 1 file, -7/+7]
* make ClientKeepAlive work for ssh -N, too (no login shell requested).
  1) send a bogus channel request if we find a channel
  2) send a bogus global request if we don't have a channel
  ok + test beck@ [markus, 2003-12-09, 1 file, -17/+15]
* Correct check for authctxt->valid. ok djm@ [dtucker, 2003-11-18, 1 file, -2/+2]
* standardise arguments to auth methods - they should all take authctxt. check authctxt->valid rather than pw != NULL; ok markus@ [djm, 2003-11-04, 1 file, -3/+3]
* replace fatal_cleanup() and linked list of fatal callbacks with static cleanup_exit() function. re-refine cleanup_exit() where appropriate, allocate sshd's authctxt early to allow simpler cleanup in sshd. tested by many, ok deraadt@ [markus, 2003-09-23, 1 file, -8/+6]
* int -> u_int; ok djm@, deraadt@, mouring@ [markus, 2003-06-24, 1 file, -3/+3]